
54820 matches found

Veracode
added 2025/12/13 4:43 a.m., 8 views

Server-Side Template Injection (SSTI)

net.mingsoft, ms-mcms is vulnerable to Server-Side Template Injection SSTI. The vulnerability is due to improper handling of user-supplied input in the Template Management module, which allows an attacker to inject and execute arbitrary template code on the server...

CVSS 9.1 | AI score 7.7 | EPSS 0.02731
Exploits 1 | References 2 | Affected Software 1
Veracode
added 2025/12/13 4:33 a.m., 14 views

Arbitrary File Upload

ms-mcms is vulnerable to Arbitrary File Upload. The vulnerability is due to insufficient validation of uploaded ZIP files in the New Template module, allowing attackers to upload crafted files that can be executed on the server, leading to arbitrary code execution...

CVSS 9.8 | AI score 7.5 | EPSS 0.02576
Exploits 1 | References 3 | Affected Software 1
Positive Technologies
added 2025/12/13 12:00 a.m., 5 views

PT-2025-51077

Name of the Vulnerable Software and Affected Versions Extensive VC Addons for WPBakery page builder plugin for WordPress versions prior to 1.9.2 Description The software is susceptible to a Local File Inclusion issue due to insufficient path normalization and validation of the shortcode name...

CVSS 8.1 | AI score 7.5 | EPSS 0.00533
Exploits 0 | References 11
EUVD
added 2025/12/12 9:31 p.m., 4 views

EUVD-2024-55351

WonderCMS 4.3.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious JavaScript through the module installation endpoint. Attackers can craft a specially designed XSS payload to install a reverse shell module and execute remote commands by tricking an...

CVSS 8.8 | AI score 5.6 | EPSS 0.00366
Exploits 0 | References 5
Snyk
added 2025/12/12 9:31 p.m., 2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the Objects module. An authenticated attacker with Instance Administrator privileges can execute arbitrary code by submitting specially crafted Groovy scripts through Object Actions or Validations. Remediation...

CVSS 7.5 | AI score 7.3 | EPSS 0.00389
Exploits 0 | References 2
Snyk
added 2025/12/12 9:31 p.m., 3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the Objects module. An authenticated attacker with Instance Administrator privileges can execute arbitrary code by submitting specially crafted Groovy scripts through Object Actions or Validations. Remediation...

CVSS 7.5 | AI score 7.3 | EPSS 0.00389
Exploits 0 | References 2
OSV
added 2025/12/12 8:15 p.m., 2 views

CVE-2024-58305

WonderCMS 4.3.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious JavaScript through the module installation endpoint. Attackers can craft a specially designed XSS payload to install a reverse shell module and execute remote commands by tricking an...

CVSS 8.6 | AI score 5.8 | EPSS 0.00366
Exploits 0 | References 4
NVD
added 2025/12/12 8:15 p.m., 4 views

CVE-2024-58305

WonderCMS 4.3.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious JavaScript through the module installation endpoint. Attackers can craft a specially designed XSS payload to install a reverse shell module and execute remote commands by tricking an...

CVSS 8.8 | EPSS 0.00366
Exploits 0 | References 4
Vulnrichment
added 2025/12/12 7:56 p.m., 1 view

CVE-2024-58305 WonderCMS 4.3.2 Cross-Site Scripting Remote Code Execution via Module Installation

WonderCMS 4.3.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious JavaScript through the module installation endpoint. Attackers can craft a specially designed XSS payload to install a reverse shell module and execute remote commands by tricking an...

CVSS 8.8 | AI score 5.7 | EPSS 0.00366
Exploits 0 | References 4
Cvelist
added 2025/12/12 7:56 p.m., 19 views

CVE-2024-58305 WonderCMS 4.3.2 Cross-Site Scripting Remote Code Execution via Module Installation

WonderCMS 4.3.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious JavaScript through the module installation endpoint. Attackers can craft a specially designed XSS payload to install a reverse shell module and execute remote commands by tricking an...

CVSS 8.8 | EPSS 0.00366
Exploits 0 | References 4
CVE
added 2025/12/12 7:56 p.m., 10 views

CVE-2024-58305

WonderCMS 4.3.2 has a cross-site scripting vulnerability at the module installation endpoint. An attacker can craft a payload to inject JavaScript and trick an authenticated administrator into visiting a malicious link, enabling installation of a reverse shell module and remote command execution....

CVSS 8.8 | AI score 5.7 | EPSS 0.00366
Exploits 0 | References 4
RedhatCVE
added 2025/12/12 6:12 p.m., 5 views

CVE-2025-64750

SingularityCE and SingularityPRO are open source container platforms. Prior to SingularityCE 4.3.5 and SingularityPRO 4.1.11 and 4.3.5, if a user relies on LSM restrictions to prevent malicious operations then, under certain circumstances, an attacker can redirect the LSM label write operation so...

CVSS 4.5 | AI score 6.7 | EPSS 0.00131
Exploits 0 | References 1
RedhatCVE
added 2025/12/12 3:11 p.m., 5 views

CVE-2025-14519

A security flaw has been discovered in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. This issue affects some unknown processing of the file /admin/index.php/advtext/add of the component advtext Module. The manipulation results in cross site scripting. The attack can be executed...

CVSS 5.4 | AI score 5.2 | EPSS 0.00217
Exploits 1 | References 1
CVE
added 2025/12/12 3:03 p.m., 17 views

CVE-2025-58770

CVE-2025-58770 concerns the AMI AptioV BIOS, where a local attacker can trigger improper handling of insufficient permissions to escalate privileges. The vulnerability affects the BIOS/firmware layer of AptioV implementations and may impact integrity, availability, and potentially lead to elevate...

CVSS 8.8 | AI score 6.5 | EPSS 0.00098
Exploits 0 | References 1 | Affected Software 1
SUSE Linux
added 2025/12/12 1:49 p.m., 5 views

Security update for python

This update for python fixes the following issues: CVE-2025-6075: quadratic complexity in os.path.expandvars can lead to performance degradation when values passed to it are user-controlled bsc1252974. CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory EOCD record allows...

CVSS 4.8 | AI score 6.8 | EPSS 0.00345
Exploits 0 | References 8
OSV
added 2025/12/12 12:18 p.m., 5 views

OESA-2025-2795 grub2 security update

GNU GRUB is a Multiboot boot loader. It was derived from GRUB, the GRand Unified Bootloader, which was originally designed and implemented by Erich Stefan Boleyn. Security Fixes: A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory Use After Free...

CVSS 4.9 | AI score 6.9 | EPSS 0.00121
Exploits 0 | References 2
RedhatCVE
added 2025/12/12 7:16 a.m., 5 views

CVE-2025-67738

squid/cachemgr.cgi in Webmin before 2.600 does not properly quote arguments. This is relevant if Webmin's Squid module and its Cache Manager feature are available, and an untrusted party is able to authenticate to Webmin and has certain Cache Manager permissions the "cms" security option...

CVSS 8.5 | AI score 6.9 | EPSS 0.00306
Exploits 0 | References 1
Cvelist
added 2025/12/12 2:30 a.m., 24 views

CVE-2025-13052 An improper certificates validation vulnerability was found in the Notification settings of ADM

When the user sets the Notification's sender to send emails to the SMTP server via msmtp, improperly validated TLS/SSL certificates allow an attacker who can intercept network traffic between the SMTP client and server to execute a man-in-the-middle MITM attack, which may obtain the sensitive...

CVSS 7 | EPSS 0.00157
Exploits 0 | References 1
RedhatCVE
added 2025/12/12 1:06 a.m., 5 views

CVE-2025-56083

OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V109241521 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devsta/nbrnetworkIdmerge.lua...

CVSS 8.8 | AI score 7.9 | EPSS 0.01748
Exploits 0 | References 1
RedhatCVE
added 2025/12/12 1:06 a.m., 4 views

CVE-2025-56102

OS Command Injection vulnerability in Ruijie RG-EW1800GX B11P226EW1800GX10223121 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleget in file /usr/local/lua/devsta/networkConnect.lua...

CVSS 8.8 | AI score 7.9 | EPSS 0.02244
Exploits 1 | References 1